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ABSTRACT 



A n access contr ol apparatus and method. Enrollment is 
conauctea at a centralized server and enrollment data, such 
as identification data is dowrdoaded to plural local access 
units at respective entrances to a restricted area. The local 
access units then collect data of a person upon an attempted 
entry in to the area and compare the data with downloaded 
enrollment data to determine if the person is authorized for 
access. If the person is authorized, an access control device 
is operated to open a door, gate, or the like of the entrance. 
The eproUmen l^ata ^can be biometric data and the same typ e 
or different type of biometric data can be collected at the 
local access units. If a different type of data is collected at 
the local access units and is correlated to data stored on the 
local access unit, data of the same type as the downloaded 
data is collected and compared to the downloaded data for 
access control. T he enrollment data can be pon environmen - 
tally affected data, such as fingerprint parameter data and the 
different type of data can be erivironmentally affected data, 
such as facial parameter data. 

27 Claims, 4 Drawing Sheets 
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FIG. 3 
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FIG. 4 
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DISTRIBUTED BIOMETRIC ACCESS being for automatically recognizing or verifying identity. 

CONTROL APPARATUS AND METHOD Examples of biometric parameters are facial data, retinal 

data, fingerprint data, speech data, and the like. 
Generally, biometric systems operate in the following 

BACKGROUND OF THE INVENTION 5 manner First, a system captures a sample of at least one 

^ 1 J r *t_ T biometric parameter during an "enrollment" process. The 

1. Field of the Invention , ^ „^t^A u,. crdo™ i^t^ ^ rr.^iu 

parameters are then converted by the system mto a matn- 

Hie invention relates to automated systems for permitting ematical code, i.e., data, that is stored as the biometric 

authorized persons to access secured buildings or other areas template representing measured biometric parameters for 

while preventing such access by unauthorized persons. More person. There may also be a way to correlate the 

particularly, the invention relates to an access control system ^ template to the person. For example, a personal identifica- 

which uses biometric parameters to identify authorized tion number (PIN) can be given to an enrolled user, which 

persons and to permit access by the authorized persons. is entered to access the template. Anew biometric sample is 

2. Description of the Related Art then taken and compared to the template or to a group of 
The invention relates to restricting access into a restricted templates. If one of the templates and the new sample match, 

area and thus the temi "access", as used herein, refers to P<='f«^ ^ recognized as audiorized. S SlB .to,a >^omet ^ 

physical entry into a building, or other restricted area, nc system is die engine whichpr^ses^^^^^^ 

tV 1 . • . 1 - . .1 . - r V -ij- data in accor aance_w nnvanoi][5 aijiorithms or arfifi^al 

However, the restncted area can be the extenor or a buildmg n eural netwoSs — " ~, ... ju^u.'^n ii 

or the like and thus the invention can be appHed to control- ^^g^^S^Tric systems use "identification" methods and 

hng entry or exit out of a buildmg or other area There have ^ ^^^^ "verification" methods. In identification systems, 

always been situations in which it was desirable to restrict ^ ^ presented to the biometric system and the system 

access to certam physical areas to a select person or group ^^^^ ^n^uipis to find out who die sample belongs to by 

of people. Such restricted access has been accomphshed by comparing the sample widi a plurality of templates obtained 

fences, walls, locks and other barners. However, even the through enroUment. Verification systems on the other hand 

use of barriers has not prevented unauthorized access. ^ perform a one-to-one process where the biometric system is 

Accordingly, it has been necessary in many instances to seeking to verify identity. A single biometric sample is 

provide human surveillance in the fonm of a security guard matched against a single template obtained during enroll- 

at an entrance to an area or t hrough the use of video cameras ment. If the two match, the system effectively confirms that 

or the like to transmit images to a sec unty guard ai a remote the person actually is who he presents himself to be . The key 

or c entralized locatio n. Of courseTthe use of security guards difference between these two approaches centers on the 

and video cameras can become expensive and is only as logic addressed by the biometric system and how these fit 

reliable as the particular guard and his state of alertness at within a given application. Identification systems decide 

any particular time. ' who the person is and can check whether more than one 

The complexities of modern society have only served to matahing biometric template exists. Accorchngly, idenfifica- 

tu A P ^ ^^^^^ . c^, tion systems can deny access to an indmaual who is 

mcreasc the need tor access control, ror example, many 35 \- ^ l- ir xr -^u 41. a 

J . . 1 *4 * attempting to pass himself off with more than one identity, 

government agencies and contractors work on matters tha verification, on the other hand only decides if the person is 

areof aconfidentialoreven-topsecret nature In fact, mos ^ Accordingly, identification systems are 

workplaces, such as offices, warehouses, and even retad ^^^^ versatfle and powerful. However, verification systems 

stores m some instances, have a need to unplement access ggneraUy require less processing horsepower and thus are 

control to prevent the theft of intellectual property and/or 40 commonly used. 

goods. typical biometric a ccess co ntrol sys tems, biometric 

In response to die need for access control, many govern- sensorrareplaced proxunate entraps an d are hoked to a 

ment agencies and businesses have issued identification central computer haying biometric "enrollment" dat a; i.e., 

cards to their employees and other authorized personnel. templates, representing biometric parameters of authorized 

Often, the identification card includes a picture of the 45 users collected from a central enrollment station. If the 

authorized person. However, such an identification card sdll biometric^ p a tametei_coU e cted at the entrance matches a 

requires a security guard or other personnel for verification. tem plate store d in the centraj co mputer , acc ess "js'granted . ^ 

Also, such cards are easily forged by replacing the picture however, conventional Biometric systems have several liini- 

with that of an unauthorized person. To overcome these tations. In particular, the sensing accuracy of biometric 

hmitations, it is known to provide the employee with a 50 parameters, suc h as facial paramete rs, retinal parameters, 

personal identification number (PIN) or other identifying and the like is highly dependent on the environment in which 

code. The identifying code can be encoded in a magnetic the parameters are sensed. For example, the lighting 

strip or the like in a security card and read by an automated intensity, angle and color will affect sensing of biometric 

reader at an entrance to grant access only to persons having parameters. Accordingly, the ability to reliably match data 

the card. Alternatively, the code can be entered by the user S5 representing parameters collected at an entrance with data of 

on a keypad to gain access. However, the use of identifying templates collected during enrollment is limited, especially 

codes also has drawbacks in access control applications. In when the entrance is an external entrance where the weather, 

particular, the identification card can be stolen or die user season, and time of day will affect lighting signiflcanUy. 

can be forced under duress to reveal their code. In such Also, sensing biometric parameters, converting the param- 

cases, unauthorized possessors of the card or code can gain eo eters to data, communicating the data to a central computer, 

access to a restricted area. and comparing the data parameters with templates of enroU- 

The use of biometrics has been proposed as a solution to ment data in the central computer is relatively time 

the hmitations noted above. Generally, the term "biomet- consuming, even with modem high speed computers and 

rics" refers to the study of measurable biological communication hnks. Accordingly, such systems present 

characteristics, i.e. biometric parameters, of a living being. 65 significant inconveniences to the authorized persons through 

In the context of security, "biometrics" refers to techniques improperly rejected access and time delays prior to granting 

that rely on a unique, measurable characteristic of a living access. 
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The use of less environmentally affected biometric It is an object of the invention to maximize the speed of 

parameters, such as fingerprint parameters can alleviate biometric identification access control, 

some of the problems noted above. However, sensing such n is another object of the invention to maximize the 

parameters requires that the person desiring access make accuracy of biometric identificadon access control, 

physical contact with a sensor, such as a fingerprint scanner, < . l- * r • * • • • iu 

upon each entry request. Als^, such paraiieters are easily . ^ ".""her object of the mvenUon to minimize the 

affected by skin debris, and skin blemishes. Therefore, the inconvenience and obtrusivencss of biometnc identificaUon 

person desiring access may have to wipe off their finger, not access control. 

to mention remove any ^ovcs, prior to submitting to the It is another object of the invention to minimize the effect 

physical contact with the sensor. The match tolerance of environmental variables in biometric identification access 

between a template and data corresponding to a measured control. 

parameter can be increased to minimize lockout of autho- n is another object of the invention to clearly indicate any 

rized users. However, such an approach inherently reduces security anomaly in a biometric identification access control 

the accuracy and effectiveness of the system by increasing system. 

the likelihood of allowing access to unauthorized users. ac * • *- - * r * i 
xr«« vr , . • 1^ A first Bspcct 01 the mveution IS Bn appaTatus for control" 

U.S. Pat. No. 5,802,199 attempts to solve the issue of slow f ^„ ^^r«„w„i,,„ , 

... . . -J . . . .... nng access into an area CO mpnsmg a server mduding server 

response in biometric identification systems by transmittmg . j^ ntrj- ii j* 

^ r ^ 1* u* j*u u 11 *f memory and a server data collection device configured to 

a subset of templates ob tamed through enrolhnent from a n / j .-^ ** • j . l • j 

central computer to one of plural "local" computers. If the ^^^^^^^ identification data assigned to each authonzed 

user attempts to use an ATM terminal that corresponds to the P^^,^°' f ^.^^ f located at an entrance to the area 

"local" computer, identification is accomplished by collec- 20 mcludrng local memory, a local processor, a local 

tion of biometric data and a PIN number and by comparison biometnc parameter sensing device, a local data collection 

with templates in the "local'' computer. If a matching ^^^^^^ a° ^^^^ control device, and a communication 

template and PIN number is not in the "local"' computer, channel for downloading the identification data from the 

biometric identification is accomplished in the central com- server to the local access unit. The local processor is 
puter by transmitting collected data over a remote commu- 25 operative to compare biometric parameter data of a person 

nication link- proximate the entrance collected by the local biometric 

U.S. Pat. No. 5,802,199 relates to identification for allow- parameter sensing device with biometric parameter data 

ing use of ATM terminals and not for access control as stored in the local memory and to grant access to the area by 

defined herein. The practical communications of access operating the access control device if the biometric param- 
control and ATM use control are quite different. For 33 eter data collected by the local biometric parameter sensing 

example, the "local" computers disclosed in U.S. Pat. No. device and biometric parameter data stored in the local 

5,802^199 are apparently not at the location of biometric memory correspond to one another. The processor is also 

sampling, Le. the ATM terminal. It appears that plural AIM operative to prompt the person to enter the identification 

terminals are assigned to each local computer because of the jata through the local data collection device and grant 

inherent, geographic distnbution of AIM terminals. The access to the area by operating the access control device only 

local computers are actually centr^ized compiiters. ^^^^ identification data of an authorized person is 

^rdingly, the system disclostd m U.S. Pat. No 5,802. ^^^^^^ jj,^^ ^^^^^j^^ parameter data collected by the local 

199 IS not suitable for high speed access control which ^ . ^ ^. j.. V- 

generally requires high speed identification within a rela- ^^^^^^'^^ f'^f '^T^, ^^V""^ biometnc 

lively small geographic area, such as a single building or P^f^meter data stored m the local memory do riot corre- 
campus. Also, since enrollment is conducted centraUy, i.e. 40 spond. The processor is also operative to store the biometnc 

not at the site of the ATM terminal, environmental variables Parameter data collected by the local biometnc parameter 

will affect the accuracy of identification. Finally, this system sensing device m correspondence with the entered identifi- 

requires that two separate things be recognized, the bio met- cation data in the local memory when the biometric param- 

ric sample parameters and a PIN number entered by the user. eter data collected by the local biometric parameter sensing 
U.S. Pat. No. 5,903,225 discloses an access control sys- 45 device and the biometric parameter data stored in the local 

tem in which data is encoded on a card during an enrollment memory do not correspond and identification data of an 

procedure in correspondence to the person's fingerprint. autho rized person is entered through the local data collection 

When attempting to gain access to a restricted area, a device. 

transmitter on the card transmits the data to a receiver at the A second aspect of the invention is an apparatus for 
entrance to grant access. This system apparently does not 50 controlling access into an area comprising a server including 

implement biometric recognition or identification and thus server memory and a server data collection device config- 

has the same limitations as conventional access systems ^^d to collect identification data assigned to each autho- 

using magnetic cards. In particular whoever possesses the ^zed person, plural local access units located at respective 

card is granted access regardless of their identity. entrances, each local access unit including local memory, a 

U.S. Pat. No 4,993,068 discloses an acce^ system m i^^al processor, a local data coUcction device and an 

which the enrollment procedure includes recording biomet- ^^j,,^^, ^^^^^^ device, and a communication channel for 

ric data on a card to be earned by the user and comparing the j 1 *i. -j * c *• j * r *t. * u 

J -.1. J . r t_- . • . ^ ^ downloading the identification data from the server to each 

data on the card with data of biometnc parameters measured c,u ^ ^ * • 1 tt. • ^- . 

at the entrance. This system is inherenUy a verification P^^' '^"ff ^ The processor is operative to 

system and thus is not as flexible as an identification system f^^^f^ data collected by one of the local access units with 
for the reasons discussed above. Also, since enroUment is ^0 data downloaded over the communication channel and ope r- 

conductcd at a central location, sensing of parameters upon the entrance control device based on results of the 

access can be affected by the environment at the entrance. companson. 

Accordingly, the accuracy of this system is limited. ^ ^^^^^ ^P^^^ ^^e invention is a method of controlling 

^,T» ^ access into an area comprising the steps of collecting 

SUMMARY OF THE INVENTION identificaUon data assigned to a^ authorized person with I 

It is an object of the invention to overcome the limitations server, downloading the identification data from the server 

of the known systems described above. to a local access unit located at an entrance and having an 
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access control device, comparing biometric parameter data 
of a person collected proximate the entrance by the local 
access unit with biometric parameter data stored in the local 
access unit and granting access by operating the access 
control device if the biometric parameter data collected 
proximate the entrance and biometric parameter data stored 
in the local access unit correspond to one another, prompting 
the person to enter the identification data into the local 
access unit and granting access by operating the access 
control device only when the identification data of an 
authorized person is entered if the biometric parameter data 
collected proximate the entrance and the biometric param- 
eter data stored in said local access unit do not correspond, 
and storing the biometric parameter data collected proximate 
the entrance in correspondence with the entered identifica- 
tion data in the local access unit when the biometric param- 
eter data collected proximate the entrance and the biometric 
parameter data stored in the local access unit do not corre- 
spond and identification data of an authorized person is 
entered through the local access unit. 

A fourth aspect of the invention is a method of controlling 
access into an area comprising the steps of collecting 
identification data assigned to an authorized person with a 
server, downloading the identification data from the server 
to each of plural access imits located at respective entrances 
to the area and including an entrance control device, col- 
lecting data with one of the local access units, comparing the 
data collected by the local access unit with the identification 
data downloaded during the downloading step, and operat- 
ing the entrance control device based on results of said 
comparing step. 

A fifth aspect of the invention is a method of controlling 
access into an area comprising the steps of a primary 
emollment in which identification data is assigned to an 
authorized person, an identification step in which a biomet- 
ric parameter is sensed and converted to biometric parameter 
data and in which the biometric parameter data is compared 
to stored biometric parameter data, an access granting step 
when the biometric parameter data corresponds to the stored 
biometric parameter data in the identification step, and a 
secondary enrollment step in which the biometric parameter 
data is stored as the stored biometric parameter data when 
the biometric parameter data does not correspond to the 
stored biometric parameter data in the identification step and 
the identification data is entered. 

BRIEF DESCRIPTION OF THE DRAWING 

The invention is described through a preferred embodi- 
ment and the attached drawing in which: 

FIG. 1 is a block diagram of the architecture of an access 
control system of the preferred embodiment; 

FIG. 2 is a flow chart of the primary enrollment procedure 
of the preferred embodiment; 

FIG. 3 is a flow chart of the identification and secondary 
enrollment procedures of the preferred embodiment; and 

FIG. 4 is a flow chart of the anomaly enunciation proce- 
dure. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 

FIG. 1 illustrates the system architecture of a preferred 
embodiment of the invention. Biometric access control 
system 20 i ncludes server 40, plural local^ccess-units-60^ 
and commu nications cha nnel iiO. Server40 and local access 
units 60''can each incIuBe^microprocessor based digital 
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computers as described in detail below. In the preferred 
embodiment, communications chann el 80 is a local area 
net work (LAN) such as a n Ethern et ne twbr k communicating 
over a coaxial cable or un sftielded twisted pair (U li:') . 

5 However, communicadon ch annel HO can be any type of 
c ommunication channel using cables , radio fre quency 
Vransmission^ optical trans mission over ^bers, in Erared " 
transmission, or any other wirecf or wireiess"communication 
' miiag^ca^able of^providiD|n^''^5mm1In1gti5n*g 

10 herein . Any communications protocols and transmission 
medium can be used. For example, communication channel 
80 can be the Internet and each computer can have a separate 
IP address. Also, communication channel 80 can be accom- 
plished merely by physically moving a removable recording 

15 medium, such as a diskette, between server 40 and access 
terminals 60; a channel sometimes referred to as "sneaker- 
net". 

Server 40 is a digital microprocessor based computer, 
such as a personal computer, a minicomputer, a program- 

20 mable logic controller, or any other proprietary or non- 
proprietary device capable of accomplishing the processing 
and communication functions described below. Server 40 
includes cen tral proc essing unit (CPU) 4 2, memory de \jce 
44 (such as 'a magnetic hard drive), random access memory 

25 (RAM) 46, input devic e 48 (such as a keyboard and mouse), 
display 50, microphone 52, speaker 54, biometric parameter 
sensing device 56, a data bus (not illustrated) for providing 
communications between the various components and the 
appropriate interfaces for each component (also not 

30 illustrated). Biometric p arameter sensing device 56 serves to 
c ollect identification data d uring an e nrollment proceHur e, as 
described below, and can be of any type, such a | a finger- 
print scanne r, a _camera'for sensing facial parameters , a 
retinal scanner, orThe mce. i^or liie sake of discussion of the 

35 preferred embodiment, it is assumed herein that biometric 
parameter sensing device 56 is a fingerprint scanner capable 
of sensing parameters relating to a persons fingerprint. 
Server 40 has a control program stored on memory device 44 
which includes instructions for accomplishing the functions 

40 described below. The control program of server 40 also 
includes a biometric engine such as that described in U.S. 
Pat. No. 5,386,103, the disclosure of which is incorporated 
herein by reference. 
Local ^cqejS^janiu^O also is a digital microprocessor based 

45 computer, such as a personal computer a minicomputer, a 
programmable logic controller, or any other proprietary or 
non-proprietary device capable of accomplishing the pro- 
cessing and communication functions described below Only 
one local access unit 60 is illustrated in detail and discussed 

50 in detail below. However, each local access unit is similar 
and thus the description below applies to each local access 
unit 60, Local access unit 60 includes central processing unit 
(CPU) 62, memory device 64 (such as a magnetic hard 
drive), random ac cess memo r^ (RAM) 66, input dev ice 68 

55 (such as a keypad) , a jspIay VO, ^crophong^2 , speak er j?, 
biometri^ parameter sensing device Vd (serving as' an aux- 
iliary biometric parameter sensmg device), biometric param- 
eter sensing device 77, access controLde^gceJ^g (such as a 
lock solenoid, gate', or the like), 'a dTtabus (not illustrated) 

60 for providing communications between the various 
components, and the appropriate interfaces for each com- 
ponent (not illustrated), Biometric parameter sensing device 
76 preferably is of the same type, i.e. senses the same 
biometric parameters, as biometric parameter sensing device 

65 56 of server 40, a fingerprint scanner in the preferred 
embodiment. Biometric parameter sensing device 77 can be 
of any type but is preferably of a different. type, i.e. senses 
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different bio metric parameters, than biometric parameter 
sensing device 76. In the preferred embodiment, biometric 
parameter sensing device 77 is a camera f or scpsiDg_facial 
parameters . ' " " ' r^'j^' 

liach local acce s s u nit ffl,haj;-^ q^ p i^^ramstnradi 5 
memory device 'oV'whIcn mcludes instnictions ](ff||^LCCQ5i - 
phsbing theJ&ihctioD&^escrily^dJbtclQ^ v. The control pro- 
^grams of local access nnits 60 also include a biometric 
engine, such as that described in U.S. Pat. No. 5,386,103. 
Each local access unit 60 can include access panel 60a jq 
(including input device 68, display 70, microphone 72, 
speaker 74, biometric parameter sensing device 76, biomet- 
ric parameter sensing device 77, and access control device 
78) and controller 60b (including CPU 62, memory device 
64, and RAM 66). Access panel 60fl and controller 60b can ^5 
be housed separately. However, it will become apparent 
below that access panel 60fl and controller 606 preferably 
are located in close proximity to one another. The number of 
physical enclosures associated with local access unit 60 can 
vary as is required by the particular application and entrance. 20 

Server 4Q_can be^disnos^i^ at anv location in the building 
or other area to which access control system 20 is being 
applied or at^remoJ^ocatjjn.-Also, server 40 ca n be any 
one of pluTaTSmputer^^ oupled to a^^efwofl c^r can be 
embodied by plural compiifer^o^Eene^orK each con- 25 
ducting a different portion of the function of server 40. For 
example, the enrollment procedure disclosed below can be 
conducted on one computer and the anomaly monitoring 
functions disclosed below can be conducted by another 
computer with the two computers together constituting 30 
server 40. Local acce s s units 60 on the other hand are located 
in close pro ximity to respec|[ve door s or other entrances of 
the builBing or otiier area to whicffaccess control system 20 
is applied. Typically, access panels 60a are located just 
outside the doorframe and controllers 60b are located inside 35 
an entrance to the building or other area to prevent tamper- 
ing therewith. _ However, controllers 6(ib are preferably 
located close enough to respective access panels 60a to 
allow local communications through a serial port, parallel 
port. Universal Serial Bus (USB) port or the like. 40 

FIG. 2 illustrates the primary enrollment procedure of the 
preferred embodiment in which persons are authorized for 
access. A person to be allowed access to the area controlled 
by system 20 is brought to an enrollment location proximate 
server 40. Biometric parameters are serjsed by biometric 45 
parameter sensing device 56 of server 40 in step A. This is 
accomplished by placing the finger of the person on a 
sensing surface of biometric parameter sensing device 56 
and selecting appropriate menu choices displayed on display 



50 in accordance with the control program stored in memory so 




step A, 

In step C, it is determined if all enrollment is finished, i.e, 
if the operator of server 40 does not wish to enrbll other 
persons at this time. If so, the procedure continues to step D, 60 
if not, the procedure returns to step A for collection of 
biometric parameter data for another person. In step D, 
enrollment data, including biometric data and corresponding 
data entered in steps A and B respectively, is downloaded to 
each local access unit 60. The enrollment data can be stored 65 
in memory device 64 of each local access unit as templates 
in any format, such as known database formats. Accordingly, 
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the templates are stored in each local access terminal and are 
constantly or periodically updated with any new enrollment 
data collected during a primary enrollment procedure. Step 
D can be conducted immediately after step C or can be 
delayed lo download data in a batch process. The primary 
enrollment procedure comes to an end in step E. Of course, 
the primary enrolment procedure can be ' accomplished at 
any time and one or more persons can be enrolled during 
each procedure. Also, enrollment data can be deleted or 
modified as needed.. For example, when an employee leaves 
a company it may be desirable to delete his template so that 
he cannot be granted access to the buUding or other area. 
Also, when a person is promoted, their access privileges 
may be increased. Further, a terminated employees template 
may be left while his access privileges are revoked. In such 
a situation presence of the terminated employee can be 
flagged as an anomaly as described below. 

When primary enrollment for one or more authorized 
persons is finished, system 20 is ready to identify authorized 
persons and control access to a building or other area. FIG. 
3 illustrates the procedure for controlling access. As a person 
approaches a n entrance havijig remote access unit ^0 , bio- 
i]5gtric ~pa rami ter* sensing^evice' " TT '^begms to "sense 
parameters, e.g. tacial ima^e parameters, in an attempt to 
identify the person as an authorized person. For example, 
biometric parameter sensing device 77 can be in constant 
operation and can begin to sense facial parameters when a 
person is within a prescribed range. Alternatively, biometric 
parameter sensing device 77 can be turned on by the 
presence of the person using a proximity sensor or the like. 
The engine disclosed in U.S' Pat, No. 5,386,103 is capable 
of sensing parameters while the subject person is several feet 
away. In any event, as the person approaches remote access 
unit 60, facial parameters are sensed in step A. In step B, the 
data of the sensed parameters are comparecl with templates 
stored in memory device 64 of remote access unit 60. 

In step C, local access unit 60 determines if the approach- 
ing person has been identified through steps A and B and, if 
so, operates access control device 78 to grant access to the 
person in step D. Step D can require that the person press a 
button and/or turn a door handle to unlock the door. Also, an 
indication of granted access, such as a green light or a 
message on display 70 can be enunciated. If the determina- 
tion in step C is that the person was not identified,* the 
procedure branches to step E. For example, if it is the first 
time the person has approached the particular entrance and 
thus corresponding facial data is not stored in local access 
unit 60, if the environment (such as fighting) has changed 
since the time of the last collected facial data of the person, 
or if the person is not an authorized (i.e. enrolled) person, the 
facial parameter data of the person will not correspond to 
facial parameter data stored as templates in memory device 
64. In step E, the access granted indicator is not enunciated 
and the person is prompted, through a message on display 
70, to touch biometric parameter sensing device 76 with 
t heir fin'gtr to' ubtklaLa npgcrpani scan .- 

In step F, the data corresponding to fingerprint parameters 
obtained in step E are compared with fingerprint parameters 
in templates stored in' memory device 64 (see step D of the 
primary enrollment procedure described above with refer- 
ence to FIG. 2). If the person is authorized for access, i.e. has 
been enrolled, their fingerprint parameter data will corre- 
spond to a stored template in comparison step F. If the 
fingerprint parameters do not correspond to template, the 
person is not identified in step G, is not authorized, and thus 
is not granted access. Additionally, in step H, an alarm can 
be' sounded, proper personnel can be notified, or the 
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attempted entrance can be recorded for later review in the 
manner described in detail below. If the person is identified 
in step G, the procedure continues to Step I. 

In step I, the person who has been identified through 
fingerprint parameter data as being enrolled and thus 5 
authorized, but not identified through facial parameter data, 
is prompted by a message on display 70, to look towards 
local access unit 60 while biometric parameter sensing 
device 77 senses facial parameters of the person. The facial 
parameters are converted to data and stored as a template in 
memory device 64 in step J in correspondence with the 
existing biometric data and corresponding data downloaded 
and stored during step D of the primary enrollment process 
described above. Access is granted to the authorized person 
in step K. The procedure is then reset and returns to step A 
to await the next person. 

The template including facial parameter data stored in 
step J is used (along with other stored templates having 
facial parameter data) in comparison step B the next time the 
person approaches local access unit 60. Therefore, it is more 20 
likely that the person will be recognized in steps A-D above 
upon the person's next attempted entry and thus the relative 
inconvenience of steps E-J will not be required. However, 
steps E-J, i.e. the secondary eryollment procedure, can be 
accomplished anytime a person is not identified by virtue of 25 
facial parameters in step C. Eventually, enough facial 
parameter data is stored in memory device 64 to allow 
access of the authorized person in a variety of environmental 
conditions at the particular entrance. A similar procedure can 
be accomplished at other local access units 60, i.e. each 30 
entrance that the person uses. Of course, if the person alters 
their face by growing or shaving facial hair, gaining or 
losing a large amount of weight, having cosmetic surgery, or 
the Uke, the secondary enrollment of steps E-J will be 
accomplished again upon the person's next entry. Keep in 35 
mind that the user is always recognized through at least the 
first enrollment parameters, i.e fingerprint parameters, or the 
second enrollment parameters, i.e facial parameters, prior to 
being granted access. 

FIG, 4 illustrates a procedure for handling anomalies, 40 
such as unauthorized persons attempting to gain access, or 
unauthorized persons gaining access on the coattails of 
authorized persons. For example, each time access is granted 
in steps D or K of FIG. 3, local access unit 60 can count the 
number of persons passing through the entrance. If more 45 
than one person enters a "tailgating" anomaly is detected. 
Counting can be accomplished with biometric parameter 
collection device 77 or with any appropriate sensor, such as 
a photo sensor, proximity sensor, or the like. Further, an 
anomaly can be any situation other than the normal granting 50 
of access to an authorized person within their access param- 
eters. An anomaly can result from the satisfaction of any 
predetermined criterion. For example, it may be desirable to 
know if a particular authorized person or persons, gains 
access more than a preset number of times. Also, it may be 55 
desirable to know if a previously authorized person whose 
access privileges have been revoked is near an entrance. 
Local access unit 60 is programmed to detect any anomalies 
under conditions set forth by a system administrator or other 
supervisory person and programmed into the control pro- eo 
gram. 

In step A it is determined if an anomaly is present based 
on the programmed conditions. If an anomaly is present, 
local access terminal 60 notifies server 40 over communi- 
cation channel 80 in step B. Server 40 can be programmed 65 
to notify appropriate personnel by one or more of sounding 
an alarm, sending a message (by email, fax, telephone for 
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example), or the like in step C. As noted above, biometric 
parameter sensing device 77 collects image data of each 
approaching person or persons. Ordinarily, the image data is 
discarded, i.e erased from memory shortly after being 
recorded in step F. However, in the event of an anomaly, the 
previous several seconds of image data is saved and sent to 
server 40 over conununication channel 80 for display in 
substantially real time or for later review in step D. 
Accordingly, images, i.e. video, of each anomaly creating 
approach can be viewed in step E to determine the appro- 
priate action. For example, seciu"ity personnel can commu- 
nicate with the unauthorized person or persons causing the 
anomaly through the microphones 52 and 72 and speakers 
54 and 74 to ascertain the person's status or to warn the 
person of their violation of security policy. 

If an anomaly is not detected in step A, the image data 
recorded over the previous time period is erased in step F 
and processing returns to step A. Accordingly, a "loop" of 
video image data is recorded over and over and only saved 
or played back when an anomaly is detected. Therefore, 
there is no need to have personnel constantly view surveil- 
lance video. The personnel is notified when there has been 
an anomaly and shown only the relevant video images. The 
notified person or persons can be anyone coupled to the 
network of FIG. 1 or otherwise in conmiunication with 
server 40 through any type of communication channel. The 
anomaly detection procedure can run constantly in parallel 
with other processing. Also, instead of automatically enim- 
ciating an alarm or the like, the anomaly handling procedure 
can prompt the person to press a "doorbell" button to notify 
and communicate with security personnel or other appro- 
priate personnel, such as a receptionist. The button can be 
integrated with the fingerprint scanner of biometric param- 
eter sensing device 76 to thereby obtain a fingerprint scan of 
the person attempting entry. The personnel can then nor- 
mally grant or deny access. All access information, such as 
time, date and identity of persons granted or denied access 
(including approach video) can be logged and processed by 
local access units 60 and server 40 for statistical purposes, 
asset allocation, or for any other reason. 

It can be seen that the preferred embodiment provides the 
convenience of reliable biometric access control regardless 
of environmental variables without sacrificing accuracy. 
Also, the preferred embodiment processes the biometric 
parameters at the entrance and thus biometric identification 
can be accomplished very quickly. The preferred embodi- 
ment uses fingerprint parameters for a primary enrollment 
and facial parameters for a secondary enrollment. However, 
any biometric or other parameters can be used for each 
enrollment. The primary enrollment can be accomplished by 
using a PIN number as identifying data in combination with 
or in place of biometric parameters. Also, the secondary 
enrollment can be omitted and identification at the local 
access unit can be accomplished by the primary enrollment 
only. For example, enrollment and identification can be 
accomplished by virtue of sensing of a single biometric 
parameter with the server downloading templates to the 
local access units. Access can be granted by sensing the 
same parameters at the local access units and comparing to 
the downloaded templates stored in the local access units. 

There can be any number of local access units. Any 
hardware and/or software can be used in the invention for 
accomplishing the functions disclosed above. The various 
data communication and storage can be accomplished using 
any appropriate formats, protocols, and media. The various 
disclosed features of the invention can be combined in any 
manner. The control programs can be programmed in any 



06/14/2004, EAST Version: 1.4.1 



us 6,496,595 Bl 



11 



12 



10 



15 



Language by one of skill in the art based on the functioDs 
disclosed herein. Any biometric technologies can be used for 
identification in the invention and any type of sensors or 
scanners can be used to collect the appropriate data or 
parameters. The invention can be applied to identification 
and/or verification systems. The access device can be any 
device for selectively providing access. The invention can be 
used to control entry into an area or exit from the area. 
Accordingly, the term "entrance", as used herein, refers to a 
door, gate, passage, or the like through which persons can 
enter or leave an area. 

The invention has been described through a preferred 
embodiment. However various modifications can be made 
without departing from the scope of the invention as defined 
by the appended claims. 

What is claimed: 

1. An apparatus for controlling access into an area to, 
comprising: 

a server including server memory and a server data 
collection device configured to collect identification ^ 
data assigned to an authorized person; 

a local access unit located at an entrance to the area and 
including local memory, a local processor, a local 
biometric parameter sensing device, a local data col- 
lection device and an access control device; and 

a communication channel for downloading the identifi- 
cation data from the server to the local access unit; 

wherein said local processor is operative to compare 
biometric parameter data of a person proximate the 
entrance collected by said local biometric parameter 
sensing device with biometric parameter data stored in 
said local memory and to grant access to the area by 
operating said access control device if the biometric 
parameter data collected by said local biometric param- 
eter sensing device and biometric parameter data stored 
in said local memory correspond to one another, and 
wherein said local processor is operative to prompt the 
person to enter the identification data through said local 
data collection device and grant access to the area by 
operating said access control device only when the 
identification data of an authorized person is entered if 
the biometric parameter data collected by said local 
biometric parameter sensing device and the biometric 
parameter data stored in said local memory do not 
correspond, and wherein said local processor is also 
operative to store the biometric parameter data col- 
lected by said local biometric parameter sensing device 
in correspondence with the identification data in said 
local memory when the biometric parameter data col- 
lected by said local biometric parameter sensing device 
and the biometric parameter data stored in said local 
memory do not correspond and the identification data 
of an authorized person is entered through said local 
data collection device. 

2. An apparatus as recited in claim 1, wherein said server 
data collection device is a server biometric parameter sens- 
ing device, said local data collection device is an auxiliary 
local biometric parameter sensing device, and the identifi- 
cation data is biometric parameter data. 

3. An apparatus as recited in claim 2, wherein said server 
biometric parameter sensing device is of the same type as 
said auxiliary biometric parameter sensing device. 

4. An apparatus as recited in claim 3, wherein said server 
biometric parameter sensing device is a fingerprint param- 
eter sensing device, said auxiliary biometric parameter sens- 
ing device is fingerprint parameter sensing device, and said 
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local biometric parameter sensing device is a fadal param- 
eter sensing device. 

5. An apparatus as recited in claim 4, wherein there are 
plural local access units located at respective entrances and 
wherein said communication channel downloads the iden- 
dfication data to each of said local access units. 

6. An apparatus as recited in claim 1, wherein said local 
biometric parameter sensing device comprises a video cam- 
era and wherein said local processor is operative to store 
image data collected by said video camera and upload said 
video data over said communication channel to said server 
when an anomaly is detected. 

7. An apparatus for controlling access into an area com- 
prising: 

a server including server memory and a server data 
collection device configured to collect identification 
data assigned to an authorized person; 

plural access units associated with respective entrances, 
each local access unit including a local memory, a local 
processor, a local data collection device and an access 
control device; and 

a communication channel for downloading the identifi- 
cation data from the server to each of the plural local 
access units; 

wherein said local processor is operative to compare data 
collected by the one of said local access units with 
identification data downloaded over said communica- 
tion channel and operate the entrance control device 
only when the identification data of an authorized 
person is entered; and 

wherein, when the identification data downloaded over 
said communication channel and the biometric param- 
eter data collected by the one of said local access units 
and stored in said local memory do not correspond, and 
the identification data of an authorized person is 
entered through said local data collection device, the 
local processor is also operative to store the biometric 
parameter data collected by one of said local access and 
the identification data of an authorized person is 
entered through said local data collection device. 

8. An apparatus as recited in claim 7, wherein said server 
data collection device comprises a server biometric param- 
eter sensing device and the identification data is biometric 
parameter data. 

9. An apparatus as recited in claim 8, wherein said local 
data collection device comprises an auxiliary biometric 
parameter sensing device of the same type as said server 
biometric parameter sensing device. 

10. An apparatus as recited in claim 9, wherein said local 
access units each comprises a local biometric parameter 
sensing device of a different type than said auxiUary bio- 
metric parameter sensing device. 

11. An apparatus as recited in claim 9, wherein said local 
processor is operative to compare biometric parameter data 
of a person proximate the entrance collected by said local 
biometric parameter sensing device with biometric param- 
eter data stored in said local memory and to grant access by 
operating said access control device if the biometric param- 
eter data collected by said local biometric parameter sensing 
device and biometric parameter data stored in said local 
memory correspond to one another, and wherein said local 
processor is operative to prompt the person to enter biomet- 
ric parameters through said auxiliary biometric parameter 
sensing device and grant access by operating said access 
control device only when the biometric parameter data of an 
authorized person is entered through said auxiliary biometric 
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parameter sensing device if the biometric parameter data 
collected by said local biometric parameter sensing device 
and the biometric parameter data stored in said local 
memory do not correspond, and wherein said local processor 
is also operative to store the biometric parameter data 5 
collected by said local biometric parameter sensing device in 
correspondence with the biometric parameter data in said 
local memory when the biometric parameter data collected 
by said local biometric parameter sensing device and the 
biometric parameter data stored in said local memory do not lo 
correspond and the biometric parameter data entered 
through said auxiliary biometric parameter sensing device 
corresponds to an authorized person. 

12. An apparatus as recited in claim U, wherein said 
server biometric parameter sensing device is a fingerprint 15 
parameter sensing device, said auxiliary biometric param- 
eter sensing device is fingerprint parameter sensing device, 
and said local biometric parameter sensing device is a facial 
parameter sensing device. 

13. A method of controlling access into an area compris- 20 
ing the steps of: 

collecting identification data assigned to an authorized 
person with a server; 

downloading the identification data from the server to a 
local access unit located at an entrance and having an ^ 
access control device; 

comparing biometric parameter data of a person collected 
proximate the entrance by said local access unit with 
biometric parameter data stored in the local access unit 
and granting access by operating the access control 
device if the biometric parameter data collected proxi- 
mate the entrance and biometric parameter data stored 
in the local access unit correspond to one another; 

prompting the person to enter the identification data into 35 
the local access unit and granting access by operating 
the access control device only when the identification 
data of an authorized person is entered if the biometric 
parameter data collected proximate the entrance and the 
biometric parameter data stored in said local access unit ^ 
do not correspond; and 

storing the bionietric parameter data collected proximate 
the entrance in correspondence with the entered iden- 
tification data in the local access unit when the bio- 
metric parameter data collected proximate the entrance 45 
and the biometric parameter data stored in the local 
access unit do not correspond and the identification 
data of an authorized person is entered through the 
local access unit. 

14. A method as recited in claim 13, wherein the identi- 50 
fication data is biometric parameter data. 

15. A method as recited in claim 14, wherein the biometric 
parameter data collected proximate the entrance is of a 
different type than the biometric parameter data collected as 
the identification data. 55 

16. A method as recited in claim 15, wherein the biometric 
parameter data collected proximate the entrance is facial 
parameter data and the biometric parameter data collected as 
the identification data is fingerprint parameter data. 

17. A method as recited in claim 15, wherein said down- go 
loading step comprises downloading the identification data 

to plural local access imits located proximate respective 
entrances. 

18. A method of controlling access into an area compris- 
ing: 65 

collecting identification data assigned to an authorized 
person with a server; 
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downloading the identification data from the server to 
each of plural access units associated with respective 
entrances to the area, each local access unit including 
an entrance control device; 

collecting data with one of the local access units; 

comparing the data collected by one of the local access 
units with the identification data downloaded during 
said downloading step; 

operating the entrance control device collected based on 
results of said comparing step; 

prompting a person seeking access to enter identification 
data if the identification data downloaded during said 
downloading step and the data collected with one of the 
local access units do not correspond; 

storing the identification data collected by one of said 
local access units when the identification data down- 
loaded over said communication chaimel and biometric 
data collected by said local access units and stored in 
the local memory do not correspond and the identifi- 
cation data of an authorized person is entered through 
said local data collection device. 

19. A method as recited in claim 18, wherein the identi- 
fication data is biometric parameter data and the data col- 
lected by the local access units is biometric parameter data. 

20. Amethod as recited in claim 19, wherein the biometric 
parameter data collected by the one of the local access units 
is of a different type than the biometric parameter data 
collected as the identification data. 

21. Amethod as recited in claim 20, wherein the biometric 
parameter data collected by the one of the local access units 
is facial parameter data and the biometric parameter data 
collected as the identification data is fingerprint data. 

22. Amethod of controlling access into an area compris- 
ing the steps of: 

a primary enrollment step in which identification data is 
collected, assigned to an authorized person, and stored; 

an identification step wherein a biometric parameter is 
sensed, converted to biometric parameter data, and 
wherein said biometric parameter data is then com- 
pared to said stored identification data; 

an primary access granting step wherein, when the bio- 
metric parameter data corresponds to the stored iden- 
tification data, access is granted to said authorized 
person, or wherein when the biometric parameter data 
does not correspond to the stored identification data, 
access is denied and at least one additional biometric 
parameter is sensed and compared to the stored iden- 
tification data 

a secondary enrollment step wherein when said additional 
biometric parameter data corresponds to the stored 
identification data, said additional biometric parameter 
data is stored and correlated with said identification 
data; 

a secondary access granting step, wherein when said 
additional biometric parameter data corresponds to the 
stored identification data, access is granted to said 
authorized person. 

23. A method as recited in claim 22, wherein said primary 
enrolknent step is conducted with a centralized server and 
said secondary enrollment step is conducted with a local 
access unit, e 

24. A method as recited in claim 23 wherein the identi- 
fication data is biometric data and said primary enroUment 
step further comprises sensing a biometric parameter and 
converting the biometric parameter to biometric parameter 
data. 
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25. A method as recited in claim 24, whereia the bio metric 
parameter sensed in said secondary enrollment step varies 
due to environmental conditions surrounding said local 
access units that were not present during said primary 
enrollment step. 5 

26. A method as recited in claim 25, wherein the biometric 
parameter sensed in said primary enrollment step is a 
fingerprint parameter and the biometric parameter sensed in 
said secondary enrollment step is a facial parameter. 

27. A method of controlling access into an area compris- 10 
ing the steps of: 

collecting identification data assigned to an authorized 

person with a server; 
downloading the identification data from the server to a 

local access unit located at an entrance and having an 

access control device; 
collecting entrance biometric parameter data of a person 

at the time of an attempted entry into the area with said 

local access and 

20 

comparing the entrance biometric parameter data with 
biometric parameter data stored in the local access unit 
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and granting access by operating the access control 
device if the entrance biometric parameter data and 
biometric parameter data stored in the local access unit 
correspond to one another; 
prompting the person to enter the identification data into 
the local access unit and granting access by operating 
the access control device only when the identification 
data of an authorized person is entered if the entrance 
biometric parameter data and the biometric parameter 
data stored in said local access unit do not correspond; 
and 

storing the entrance biometric parameter data in corre- 
spondence with the entered identification data in the 
local access unit when the entrance biometric param- 
eter data and the biometric parameter data stored in the 
local access unit do not correspond and the identifica- 
tion data of an authorized person is entered through the 
local access unit. 

« « * * « 
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